Using @PreAuthorize or @Secured with Jersey when using the configuration class

I have a problem similar to "PreAuthorize annotations do not work with Jersey". I created a configuration class for Spring Security and authentication works, but authorization does not work.

Here is my code

SpringSecurityConfig.java

    @Configuration
    @EnableWebSecurity
    @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
    @Order(1)
    @ComponentScan({"com.foo.rest.resources.Template"})
    public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

        private final UserService userService;
        private final TokenAuthenticationService tokenAuthenticationService;

        public SpringSecurityConfig() {
            super(true);
            this.userService = new UserService();
            tokenAuthenticationService = new TokenAuthenticationService("tooManySecrets", userService);
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .exceptionHandling().and()
                .anonymous().and()
                .servletApi().and()
                .headers().cacheControl().and()
                .authorizeRequests()
                // Allow anonymous logins
                .antMatchers("/auth/**").permitAll()
                // All other request need to be authenticated
                .anyRequest().authenticated().and()
                // Custom Token based authentication based on the header previously given to the client
                .addFilterBefore(new StatelessAuthenticationFilter(tokenAuthenticationService),
                        UsernamePasswordAuthenticationFilter.class);
        }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.userDetailsService(userDetailsService()).passwordEncoder(new BCryptPasswordEncoder());
        }

        @Bean
        @Override
        public AuthenticationManager authenticationManagerBean() throws Exception {
            return super.authenticationManagerBean();
        }

        @Bean
        @Override
        public UserService userDetailsService() {
            return userService;
        }

        @Bean
        public TokenAuthenticationService tokenAuthenticationService() {
            return tokenAuthenticationService;
        }
    }

and Template.java

    @Component
    @Path("/template")
    @Produces(MediaType.APPLICATION_JSON)
    public class Template {

        @GET
        @Secured("ROLE_EDITOR")
        public User getTemplate() {
            return new Template();
        }
    }

My assumption is that authentication is processed in the filter chain, but it does not return after reaching the authorization tag. Any idea how to make this work?

+5
1 answer

I think your @ComponentScan is not configured correctly and does not pick up the Template resource correctly.

According to the @ComponentScan documentation, the value is an alias for basePackages, but you gave a class instead of a package. Try modifying it to look like the following and see.

 @ComponentScan({"com.foo.rest.resources.*"}) 

And make sure you don't skip any steps in the Spring Jersey integration as per the documentation.

+1
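
Why the scan matters for authorization, as an added example that is not code from the question or the answer: `@Secured` is enforced only through the proxy Spring wraps around beans it manages, so an instance created outside the container runs unchecked. The package `com.example.demo`, the class names and the `ROLE_VIEWER` caller are assumptions made for this sketch; it uses the same `@EnableGlobalMethodSecurity` annotation as the question and needs Spring and Spring Security on the classpath.

```java
package com.example.demo; // hypothetical package, chosen for this example
import org.springframework.aop.support.AopUtils;
import org.springframework.context.annotation.*;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

public class MethodSecurityScanCheck {
    // Stand-in for the question's Template resource (JAX-RS annotations left out).
    @Component
    public static class TemplateResource {
        @Secured("ROLE_EDITOR")
        public String getTemplate() { return "template"; }
    }

    @Configuration
    @EnableGlobalMethodSecurity(securedEnabled = true)
    @ComponentScan(basePackageClasses = TemplateResource.class) // scans that class's package
    public static class Config {
        @Bean // pass-through manager; the token used below is already authenticated
        AuthenticationManager authenticationManager() { return auth -> auth; }
    }

    static String call(TemplateResource resource) {
        try {
            return resource.getTemplate();
        } catch (AccessDeniedException e) {
            return "denied";
        }
    }

    public static void main(String[] args) {
        // Constructed caller that lacks ROLE_EDITOR.
        SecurityContextHolder.getContext().setAuthentication(
                new TestingAuthenticationToken("viewer", "n/a", "ROLE_VIEWER"));
        try (AnnotationConfigApplicationContext ctx =
                     new AnnotationConfigApplicationContext(Config.class)) {
            TemplateResource managed = ctx.getBean(TemplateResource.class);
            System.out.println("Spring proxy: " + AopUtils.isAopProxy(managed));
            System.out.println("managed bean: " + call(managed));
        }
        // Built outside the container: no proxy, so @Secured is never evaluated.
        System.out.println("unmanaged:    " + call(new TemplateResource()));
    }
}
```

The same `AopUtils.isAopProxy` check can be run against the resource instance Jersey actually serves to confirm it came from the Spring context.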